While the real Elon Musk was causing dogecoin headaches as he hosted "Saturday Night Live," scammers capitalized on his appearance to defraud people of millions of dollars in cryptocurrency — the latest round in a growing type of scam.
Verified Twitter accounts are being hacked and turned into impersonations of celebrities. These accounts' blue check marks help trick people into thinking the offers of crypto — in exchange for first sending small amounts of crypto — were legitimate.
Crypto fraudsters have long tried to impersonate Musk, and since 2018, Twitter has been clamping down on scammers doing so. Between October and March, Musk impersonators stole $2 million in crypto through giveaway scams, a Federal Trade Commission report released Monday showed.
But last weekend's scammers didn't impersonate Musk. They impersonated other celebrities and "SNL" itself. One expert has estimated that they got away with $10 million worth of crypto.
Musk's celebrity and his ties to the volatile, unregulated world of crypto made his "SNL" hosting an opportunity for scammers. His presence on social media gave them something to tap into.
One of the hacked accounts replied to Musk's tweet about his appearance on "SNL" to say 5,000 bitcoins, worth about $275 million, would be distributed to everyone who took part in the giveaway.
Hackers changed the profile pictures and names of verified accounts to resemble the official "SNL" account — a few imitated the official Miley Cyrus and Tesla accounts, too — blue check marks and all.
The compromised profiles, ranging from hockey player Troy Stecher to Brazilian politician Luiz Fernando Pezão, then encouraged users to participate in cryptocurrency giveaways.
All you had to do was follow a link to websites such as snlmusk.com to win some quick cash. But there was a catch.
People were first required to "verify" themselves by sending over a fraction of the promised amount to a cryptocurrency address. Once verified, the money would be returned, and then some, the website promised. But the money was never returned, and the promised winnings never appeared.
The exact amount lost across sites from the scam is unclear, but Satnam Narang, a staff research engineer at the cyber-exposure company Tenable, estimated on the company's blog that users lost more than $10 million worth of cryptocurrency between May 7 and 9, the weekend of Musk's "SNL" appearance.
The scammers behind snlmusk.com alone scooped up nearly $150,000 worth of ethereum, bitcoin, and dogecoin, transaction histories for the three cryptocurrencies showed. Dogecoin was the most profitable currency for these scammers, who made the equivalent of $104,670.26 on it.
Tom Robinson, a cofounder and the chief scientist of Elliptic, a blockchain-analytics company, told Insider by email that over the weekend of Musk's "SNL" appearance, one bitcoin wallet connected to the scams received $353,519 worth of bitcoin across 295 transactions.
"All of this bitcoin has now been moved out of this wallet and is in the process of being laundered. Around 20% has been sent to exchanges so far — in particular exchanges based in Asia," Robinson added.
CoinTracker showed that the value of dogecoin reached an all-time high of $0.68 on May 7, the night before Musk's "SNL" appearance, up from $0.06 in early April.
But it fell sharply after Musk called it a "hustle" on the show. It is now above $0.50.
Narang said the "SNL" impersonation accounts were just the latest rendition of cryptocurrency giveaway scams, which he traced back to 2017.
He added that YouTube was rife with similar schemes leading up to the show, which was broadcast on May 8.
Scammers created imitation "SNL" accounts on YouTube and ran old videos of Elon Musk, which featured fake tweets by the SpaceX founder promoting a dogecoin giveaway and a URL for users to visit.
The videos were livestreamed to make them appear even more legitimate, since Elon Musk had tweeted a YouTube link for viewers around the globe to watch his appearance on "SNL."
"I just think this was a perfect storm, because you also had Elon Musk tweeting, 'Hey, for international viewers that can't watch "SNL," they're going to be streaming it on YouTube,'" Narang said.
At one point, the YouTube impersonation channel "SNL Live" boasted 269,000 subscribers and 14,500 live viewers, and it broadcast a link to doge-event.info. The scammers behind one address posted on this website made off with an astounding $1,476,812.45 worth of dogecoin, its transaction history showed.
Narang said he estimated that $9 million of the $10 million stolen came from YouTube-originated scams.
The FBI declined to comment on last weekend's giveaway scam. A Twitter spokesperson said the compromised accounts were swiftly restored to their rightful owners.
These giveaway scams all happened despite a similar scam that occurred in July following a massive breach of high-profile accounts, including Musk's.
Those hackers compromised 130 Twitter accounts and netted more than $100,000 worth of bitcoin. Three people, two of whom were teenagers, have been charged in connection with that scam.
These scams may appear more legitimate because genuine cash giveaways, fronted by celebrities, also occur.
Last August, Cardi B and Megan Thee Stallion partnered with Cash App , a peer-to-peer payment app, to promote their hit song "WAP," tweeting that they would give away $1 million, split among some lucky winners. Twitter users simply had to post their Cash App username and a reason they should win.
But some were fooled into sending $15 or $20 to accounts that impersonated the Grammy winners. Since users had already posted their Cash App usernames, scammers knew whom to target.
These phony accounts asked users to "verify" that they were real by sending money, with a promise that their money would be returned with a much larger chunk of change. But the money was never returned.
Narang warned that posting your Cash App username can be bait for cybercriminals: "It's like pointing people to your email address, right? It's an easy way for them to then have an entry point to contact you." Once your username is out in the open, it makes you a bigger target for requests on Cash App.
The real Cash App giveaways don't ask for money or verification up front. If you were a lucky winner, you would simply receive cash. Narang said scammers "use this advance-fee fraud type of scam in order to get users to pony up a little bit of money in the hopes they'll get it."
The same scheme seems to have occurred during other Cash App giveaways over the past year, in which scammers impersonated Lil Nas X, Miley Cyrus, Justin Bieber, and Chance the Rapper.
The impersonation scams are part of a surge in fraud that originated on social media, in which $261 million was reported stolen in 2020, a 130% increase from 2019.
John Breyault, the vice president of fraud at National Consumers League, said the proliferation of P2P payment apps may be partly responsible for this uptick.
The ability to instantly send money via apps such as Cash App, Venmo, or Zelle makes it easy for scammers to collect quick cash, he said.
Breyault also said the COVID-19 pandemic — and the increased screen time, isolation, and unemployment that have resulted — could be another reason more people are falling for social-media scams.
Exposure to scams have become more likely as we spend more time on these platforms, Breyault said, and social isolation decreases the chances that someone will mention a giveaway to another person, who may have otherwise warned them about it.
Soaring unemployment rates have also put social-media users in a vulnerable position. Breyault said people in desperate economic straits are looking for a lifeline, "so their defenses against this kind of scam could be lower."
"The protections are probably going to be less if you are using cryptocurrency or one of the P2P payment apps. That's one of the bugs-slash-features of cryptocurrency — once the money is gone, it's gone," Breyault said.
Unlike credit cards, P2P payment apps don't allow users to reverse or cancel payments. Breyault said since users "actively sent the money, even if it was for ultimately a fraudulent purpose," they may have a tough time retrieving their losses.
So it's probably best to have your guard up when cryptocurrency and Cash App giveaways are advertised.
If you are participating in a celebrity-promoted Cash App giveaway, ensure that the person on the opposite side of the transaction is verified by CashApp with a blue check mark. Narang suggested going so far as to turn off incoming Cash App requests so that you can only receive money, not send it out.
Regarding Twitter, Narang said that enabling two-factor authentication was critical to keep your account secure from hackers who may acquire it to make it impersonate a celebrity's.
So if hackers attempt to log in to your account from a new device, they will need to provide another piece of personal information — email address, phone number, code, answers to identifying questions — before they can gain access.
"I think the risks when it comes to giveaways that you see on social media probably outweigh the potential benefits," Breyault added. "I would say if you're at all concerned about fraud, it's probably just safer to steer away from these."